Background on DNSSEC
Since DNS inherently lacks security, DNSSEC was designed to protect networks from attacks, such as DNS cache poisoning. Domain Name System Security Extensions (DNSSEC) is a specification for securing the traditional DNS and is a set of extensions to DNS, which provide data integrity and origin authentication of DNS data.
Even though our Dell TCPWave appliance leverages source port randomization, and query scrubbers, to fend off a Kaminsky attack, we still offer our customers the choice to deploy DNSSEC if it adds additional security in some circumstances.
When the DNS was first conceived, the internet was very small that it could not foresee the future cyber-attacks that could exploit its security shortcomings. Over the past few decades DNS, despite its vulnerabilities, had remained unchanged in its implementation while spreading all over the world. This meant that it posed a serious threat for any organization’s network which relies primarily on DNS.
Domain Name System Security Extensions (DNSSEC) was designed as an improvement over DNS to protect networks from pervasive threats, such as DNS cache poisoning, DNS redirection, malware and man-in-the-middle attacks. DNSSEC is a specification which provides data integrity and origin authentication of DNS data through public key encryption and validation of data using a digital signature.
Implementing DNSSEC can be a daunting process since it requires complete overhaul of an organization’s network. With our huge expertise in network designing and best industrial practices in management routines, we overcome the challenges of implementing the DNSSEC with much less complexity. You can protect your organization’s brand and your consumer by deploying our DNSSEC enabled appliances and joining the global chain of trust. With DNSSEC you can explore new exciting possibilities in business by rolling out new innovative services that are more secure and capable of attracting customers.
Simplified DNSSEC rollouts
TCPWave’s DNSSEC solution works with OpenDNSSEC and BIND’s zone signing for dynamic zones. Securing the domain name system is integral to the security of the Internet infrastructure in whole. When properly maintained, DNSSEC signed zones provide extra security by preventing man-in-the-middle attacks. Any customer with DNSSEC-aware resolver will not be at risk from DNS spoofing. Customers that are not DNSSEC aware will not see any adverse effect. While they won’t get the protection, they’ll continue to access your domain name just as they always have. The more domain names that are using DNSSEC, the more websites and email addresses will be protected on the Internet.